Don't Click That Web Link!

In my Previous Blacklist Entry, I discussed a piece of spam I received which invited me to download their spyware removal software, and contained the following image:

I wanted to continue discussing this email, because not only was the image deceptive, but there was something seriously wrong with the web link itself. Here's the weblink:

http://spy-control-now.com/?aid=260

What is the problem with this address? The problem is that it ends with '?aid-260'. So? So what? Well, that little bit of text at the end of the web address is a parameter being passed to the website. What sort of parameter? Well, that's a good question. It's just a piece of information. The number 260. Why? I don't know. It could be anything.

Why would the web address contain the number 260 at the end of it? Well, it's possible that they have a several different products for sale, and the parameter simply tells which product to display.

So I checked that. Nope. If I changed the aid=260 to aid=261 or aid=432, or anything else, it still showed the same page. So what's going on here?

Here's my theory. I think they have a database in which each email address they sent the spam to has a number associated with it. So when I click the link, they look up the number in the database and what do they learn? They learn that my email address is a valid address, because if it wasn't I never would have got the spam, and I never would have clicked on the image.

In other words, simply by clicking on their image, I've told them that my email address is valid. And not only that, I'm the kind of person who is gullible enough to click on spam. So will they send me more stuff? You bet they will. By clicking that link, I've probably increased the amount of spam I get.

Now I feel bad. Because whoever has email address number 261, and 432, I've clicked on their links too. Hmmm...what to do?

Eureka! I've got it! I'll build a little Visual Basic Application to effectually click the website with every possible parameter value! Then all their information is invalidated.

And in the process, I'll tie up their network resources. All things considered, I'll have performed a valuable community service.

You're welcome.

A Helpful HintNever click on a weblink from a spammer. And if you do, check to make sure there aren't any parameters at the end of the address. (A parameter is anything after a questionmark.)